System and method of decentralized management of device assets outside a computer network

ABSTRACT

The disclosure relates to decentralized management of edge nodes operating outside an enterprise network using blockchain technology. A management node may operate within a firewall of the enterprise to manage the edge nodes operating outside the firewall using blockchain technology. The management node may coordinate management by writing change requests to a decentralized ledger. The edge nodes may read the change requests from its local copy of the distributed ledger and implement the change requests. Upon implementation, an edge node may broadcast its status to the blockchain network. The management node may mine the transactions from the edge nodes into the distributed ledger, thereby creating a secure and scalable way to coordinate management and record the current and historical system state. The system also provides the edge nodes with a cryptographically secured, machine-to-machine maintained, single version of truth, enabling them to take globally valid decision based on local data.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application claims priority to Indian Patent Application No. 201841016311, filed on Apr. 30, 2018, which is related to co-pending and co-owned Indian Patent Application No. 201841016315, filed on Apr. 30, 2018, which are hereby incorporated by reference herein in its entirety.

DESCRIPTION OF THE RELATED ART

Geo-distributed decentralized enterprise infrastructures such as factory floors, clusters of geographically distributed servers and fleets of autonomous vehicles, can be difficult to manage. These systems can be massive in scale, completely decentralized and heterogeneous in nature. The management challenges may be compounded in applications in which these infrastructures have devices (also referred to as “nodes”) that operate outside of an enterprise network. Accordingly, it is often the case that the enterprise includes one or more nodes that are owned by a variety of different users, which can create a problem for conventional management solutions.

Devices that are distributed geographically and are part of the enterprise but are owned or controlled by multiple parties are typically administered through an open (public) network. Management operation on public networks opens up a new attack surface that regular management solutions are not designed to handle. Furthermore, the automatic addition of new edge devices poses an additional challenge of synchronizing the new device to the correct state. For example, adding a new autonomous vehicle to a network of vehicles will require the new vehicle to have the correct software configuration state before it is fully functional within the network.

These issues are not necessarily limited to public network implementations. For example, geo-distributed privately owned systems may also face a similar set of problems. Even though the system may be legally owned by one entity, different departments (or other entities) of the same private entity may be tasked with administering the individual components of the system.

A similar problem may exist when an existing node goes offline and re-enters the network or restarts. Other problems such as malicious attacks on a given node may require a reset to a trusted or checkpointed state. However, conventional management systems do not have a mechanism to derive a single version of truth about the state of the system. This may result from the state of the system being fragmented and present in individual management domains. Also, nodes and software (firmware, OS, etc.) cannot always be fully trusted because there is no authoritative version of state that can be used to allow every interacting entity to classify a node as compliant or non-compliant. Non-compliant nodes pose the risk of compromising the entire network.

BRIEF SUMMARY OF THE DISCLOSURE

According to various embodiments of the disclosed technology, a management server may manage one or more edge nodes, outside a private network, through a blockchain network. Each edge node may be permitted to read but not write to a distributed ledger of the blockchain network. The management server may both write to and read from the distributed ledger (as well as blockchain transactions) to convey management requests to the edge nodes. The management server (also referred to as a “management node”) may obtain a change request to be transmitted to at least a first edge node among the one or more edge nodes. The change request may specify one or more management operations.

The management node may transmit the change request to the edge nodes by generating and transmitting a blockchain transaction. The management node may write the blockchain transaction to a first ledger block that includes a payload comprising the transaction that specifies the change request. The management node may add the first ledger block to the distributed ledger, a copy of which is stored at each of the one or more edge nodes.

Each edge node may obtain the change request either from the blockchain transaction (such as in a transaction pool) and/or from its local copy of the distributed ledger. Each edge node may determine whether the change request should be implemented and update its state to indicate whether the change request has been implemented. Each edge node may then broadcast its state to the blockchain network, which may be performed by generating a blockchain transaction indicating its state.

The management node may obtain, from each of the one or more edge nodes, a respective state of each node. The management node may do so by obtaining and reading a blockchain transaction from an edge node. In some instances, the management node may generate a second ledger block that includes a second payload that indicates the respective state of each of the one or more edge nodes obtained from the blockchain transaction. The ledger entry may point to one or more transactions that each indicate a state of an edge node. The management node in these instances may add the second ledger block to the distributed ledger, thereby creating an immutable record of the state of the blockchain network, including state transitions resulting from change requests.

Other features and aspects of the disclosed technology will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, which illustrate, by way of example, the features in accordance with embodiments of the disclosed technology. The summary is not intended to limit the scope of any inventions described herein, which are defined solely by the claims attached hereto.

BRIEF DESCRIPTION OF THE DRAWINGS

The technology disclosed herein, in accordance with one or more various embodiments, is described in detail with reference to the following figures. The drawings are provided for purposes of illustration only and merely depict typical or example embodiments of the disclosed technology. These drawings are provided to facilitate the reader's understanding of the disclosed technology and shall not be considered limiting of the breadth, scope, or applicability thereof.

FIG. 1 illustrates an example of a system of decentralized management of device assets outside a computer network, according to an implementation of the invention.

FIG. 2 illustrates an example of a management node in a blockchain network for decentralized management of device assets outside a computer network, according to an implementation of the invention.

FIG. 3 illustrates an example of an edge node in a blockchain network for decentralized management of device assets outside a computer network, according to an implementation of the invention.

FIG. 4 illustrates an example of a blockchain interface layer for decentralized management of device assets outside a computer network, according to an implementation of the invention.

FIG. 5 illustrates an example of a process of decentralized management of device assets outside a computer network, according to an implementation of the invention.

FIG. 6 a block entry in a distributed ledger that includes transaction information for decentralized management of device assets outside a computer network, according to an implementation of the invention.

FIG. 7 illustrates an example of a transaction for inclusion in a block entry of a distributed ledger that includes information for decentralized management of device assets outside a computer network, according to an implementation of the invention.

The figures are not intended to be exhaustive or to limit the invention to the precise form disclosed. It should be understood that the invention can be practiced with modification and alteration, and that the disclosed technology be limited only by the claims and the equivalents thereof.

DETAILED DESCRIPTION

Embodiments of the systems and methods disclosed herein may be implemented to provide a controller framework that allows participant nodes in a network to interact with each other using blockchain technology. The use of blockchain technology for these interactions may be implemented to ensure that the interactions are secured, non-repudiated, sequenced and permissioned. Embodiments may also be implemented to use a blockchain to allow participants to evolve a consensus protocol for the evaluation of change proposals by network participants. For example, consensus protocols can be agreed by all participants and implemented as smart contracts in the system using blockchain technology. One example of a simple protocol may be a protocol used by a node to determine whether to accept a change proposal based on local policies that govern implementation of requested changes. Continuing with this example, a smart contract may be used to implement this protocol and deploy it on the network.

In another embodiment, operations may be implemented to provide provenance tracking across a heterogeneous distributed storage platform to track which nodes conducted which operations on which systems. In some applications, metadata operations may be routed via a blockchain and storage devices or other network entities can be configured to accept operations only via the blockchain interface. For example, storage devices on the network can be commanded to allow metadata operations only via the blockchain interface. In this way, factors such as identity, authorization, provenance, non-repudiation and security can be provided for operations on nodes managed in this way.

Accordingly, embodiments may be implemented in which the management operation becomes decentralized and the system no longer requires a central entity to enforce policies. Particularly, in some applications the system may be implemented with no central management server, and may instead use only a management node or nodes to input management instructions onto the blockchain using blockchain transactions. Once a change is approved, a device may implement the change and the blockchain can be used to provide a clear record of state of the system as it evolves over time. Because embodiments may be implemented in a peer-to-peer environment without a central management entity, the enterprises scalable without limitations on how many nodes a central management entity might be able to address. Additionally, the absence of a central management entity may also eliminate this entity as a single point of failure. This may provide the added benefit of reducing attack surfaces by eliminating a single point of failure that might otherwise be used to bring the system down.

Decentralized management of assets operating outside a computer network (also referred to as edge nodes) from within the computer network may be achieved. The edge nodes may include enterprise devices and the computer network may include the enterprise's network. Network traffic to and from the computer network may pass through a firewall around the computer network. A management server (also referred to as a management node) may operate within the firewall to manage the configuration of edge nodes operating outside the firewall using blockchain technology. The management node and the edge nodes may be part of a blockchain network.

The management node may act as a full node that stores a complete or at least updated copy of a distributed ledger. The management node may also act as a miner that has permission to write blocks to the distributed ledger. The management node may mine management operations in the form of change requests into the distributed I and edger. The management operations may include, without limitation, removal of an edge node from the network (such as resulting from non-compliance of the edge node to set protocols followed by the network), addition of a new asset (edge node) in to the network and configure the new asset, proposal of a new software update that will be installed on all edge nodes, execution of a status check on some or all of the edge nodes, and/or other operations that can be remotely ordered and applied locally at an edge node.

Updates to the distributed ledger are propagated to all of the nodes (such as the edge nodes and the management node) according to a blockchain specification, including via peer-to-peer sharing. This permits the management node to communicate change requests to edge nodes through the distributed ledger in a secure and immutable way. This also permits generation of a historic and current record of the management operations. As such, a historic and current state of the system may be stored and retrieved from the distributed ledger.

Each of the edge nodes may act as a full node that stores a complete or at least updated copy of the distributed ledger. In some instances, none of the edge nodes have permission to write to the distributed ledger and therefore cannot issue change requests to other edge nodes. An edge node may read its local copy of the distributed ledger to obtain the change requests. Upon receipt of a change request, the edge node may implement the change request and update its state to indicate the change request has been implemented. This state transition may be broadcast to other nodes, such as in the form of a blockchain transaction. The management node may collect transactions not yet written to the distributed ledger and write them to the distributed ledger, thereby ensuring an immutable and distributed record of change requests and state transitions. As such, the distributed ledger may record the current and historic configuration of the edge nodes.

Use of the foregoing architecture ensures management operations are secured, non-repudiated, sequenced, and permissioned. Management operations become partially “decentralized”; as a data center within a computer network serves as a management node that enforces policies and electronically proposes changes. Once a change is mined into the distributed ledger, each of the systems implement the change and there is a clear record and undisputable record of state of the system as it progressed and evolved over time. For example, an edge node can synchronize its copy of the distributed ledger from other edge nodes (or from the management node) to obtain the current, valid, and immutable configuration of the system. The foregoing permits system scaling, as any participant of the system may access current (and historic) state information from the distributed ledger. New edge nodes may be added by providing the new node with a copy of the distributed ledger. A new edge node may then configure itself according to the current state information from its copy of the distributed ledger or otherwise obtain software or other updates consistent with the current state information.

FIG. 1 illustrates an example of a system 100 of decentralized management of device assets outside a computer network 102, according to an implementation of the invention. System 100 may include a blockchain network 110. The blockchain network 110 may include a plurality of nodes that are connected to one another using one or more connection protocols, including a peer-to-peer connection protocol. The nodes of the blockchain network 110 may include a management node 12 and edge nodes 10. The particular number of, configuration of, and connections between the edge nodes 10 may vary. As such, the arrangement of the edge nodes 10 shown in FIG. 1 is for illustrative purposes only.

The management node 12 is part of and operates within a firewall 106 of computer network 102 and the edge nodes 10 operate outside the firewall. The computer network 102 may also include one or more backup systems 104 that provides failover protection for the management node 12 and/or other components 108 operating within the computer network. The components of the computer network 102 may communicate with one another via a local area network (“LAN”), which can be wired, wireless, or hybrid. The components of the computer network 102 may communicate with devices outside the computer network 102 through the firewall 106. The firewall 106 may be configured as a software firewall and/or a hardware firewall device. The firewall 106 may include or connect with a network switch device that routes network traffic into and out of the computer network via the firewall. Computer network 102 and blockchain network 110 can be connected via a network 101. The network 101 may include a wide area network (“WAN”) that connects devices outside the firewall 106.

Examples of further details of a management node 12 will now be described with reference to FIG. 2. The management node 12 may include one or more processors 20 (also interchangeably referred to herein as processors 20, processor(s) 20, or processor 20 for convenience), management user interface 22, a controller 24, blockchain interface layer 30. Management node 12 may further include one or more storage devices 40, and/or other components. For example, in some embodiments, the one or more storage devices 40 may store distributed ledger 42, smart contract(s) 44, node keys 46, and global policy 48 (described in greater detail below). The processor 20 may be programmed by one or more computer program instructions. For example, the processor 20 may be programmed to execute the management user interface 22, the controller 24, the blockchain interface layer 30, and/or other instructions to perform various operations, each of which are described in greater detail herein. As used herein, for convenience, the various instructions will be described as performing an operation, when, in fact, the various instructions program the processors 20 (and therefore management node 12) to perform the operation.

The management user interface 22 may provide an interface, such as a graphical user interface, a command line interface, and/or other type of interface configured to receive management option inputs. For instance, a user such as a system administrator may use the management user interface 22 to input management operations to be conducted on one or more of the edge nodes 10 of the blockchain network 110, or to input an edge node to be added. In this manner, the user may manage edge nodes 10 based on change requests originating from within the computer network 102.

The controller 24 may obtain management operations to be performed and may communicate them to the relevant edge nodes 10. The management operations may be obtained from the management user interface 22 and/or a global policy 48. Controller 24 may communicate the management operations using the blockchain interface layer 30. For example, the controller 24 may write the management operations into a blockchain transaction that is broadcast to the edge nodes 10. The blockchain transaction may be broadcast using a multicast protocol to several or all edge nodes 10. In some instances, the blockchain transaction may be broadcast using peer-to-peer networking in which the management node 12 acts as a peer to broadcast the transaction to at least one other peer (in this case, an edge node 10), which broadcasts the transaction to other peers and so on. In some implementations, the controller 24 may wait until a blockchain transaction is signed by an edge node 10 as described herein before writing the transaction to a block (also referred to herein as a “ledger block”) of the distributed ledger 42. In these implementations, the edge nodes 10 may obtain management operations directly from the broadcasted transaction. In other implementations, the controller 24 may write the transaction to a block of the distributed ledger 42. In these implementations, the edge nodes 10 may obtain management operations by obtaining the current (in other words latest) block that references transactions having management operations.

In whichever manner the controller 24 broadcasts the management operations to edge nodes 10 using the blockchain interface layer 30, the controller may do so to in a manner that is directed all edge nodes 10. For example, a management operation of “check status” may be directed to all nodes of the blockchain network 110 so that each edge node is instructed to perform a status check. Each edge node 10 will then perform the status check and broadcast its state indicating the results of the status check (or other management operation as described below).

In some instances, the controller 24 may target one or more edge nodes 10 to receive a management operation. In these implementations, the controller 24 may generate a blockchain transaction and/or a block on the distributed ledger 42 directed to the targeted edge node(s) 10. For instance, the controller 24 may encode an identifier of the edge node 10 that is targeted. Alternatively or additionally, the controller may encode a device type that targets certain types of edge nodes 10 that should perform management operations. Still other examples include locations that should be targeted such that edge nodes in certain geolocations are targeted. The smart contracts 44 may include rules, which each edge node 10 follows, that direct the nodes to inspect transactions and/or blocks to determine whether it should apply a management operation contained in the transaction and/or block. In some implementations, the controller 24 may encrypt the management operation to be performed with a target edge node's 10 public key such that only the target edge node can decrypt the management operation with its private key.

In some instances, certain management operations may be executed periodically without user intervention. For example, controller 24 may execute a daemon or other process that periodically causes a status check from all edges nodes 10 to be executed. This daemon may periodically generate relevant change requests, which are issued to the edge nodes 10—and tracked via—the distributed ledger 42.

In an implementation, the controller 24 may enforce global policy 48 by ensuring that the state of the network complies with the global policy. For instance, the controller 24 may periodically obtain the current system state from the distributed ledger 42. As noted elsewhere, state transitions of the edge nodes 10 may be recorded on the distributed ledger 42. Alternatively or additionally, the result of status checks may be written to the distributed ledger 42, indicating the current state of the system. The controller 24 may compare the current system state (such as state of the blockchain network 110) with the global policy 48, which may specify a desired state of the system. The desired state may include a macro state of the system as a whole and/or a micro-state of any individual or group of edge nodes. Any discrepancies may be noted and an edge node 10 in non-compliance may be targeted for executing a management operation that will resolve the non-compliance. In some instances, the smart contracts 44 and/or global policy 48 may encode rules that specify when a non-complying edge node 10 should be taken offline. For instance, the rules may specify an edge node 10 that continues to be in non-compliance after N number of blocks have been written to the distributed ledger 42 should be taken offline. Other parameters may specify such removal as well. The foregoing may ensure recurring policy enforcement and compliance using the blockchain interface layer 30.

In an implementation, in connection with certain types of management operations, the controller 24 may make available files for download. For instance, operating system images, software updates, new software, and/or other downloadable files or data may be made available for edge nodes 10 to download in connection with a management operation. This may ensure that the distributed ledger 42 itself does not have to store such files or data but stores an immutable record of current files or data that should be used (as well as historic listing of such files or data).

The blockchain interface layer 30 may be used to interface with the distributed ledger 42 in accordance with the smart contracts 44. The blockchain interface layer 30 is described with reference to FIG. 4 below.

The storage devices 40 may store a distributed ledger 42, smart contracts 44, node keys 46, and/or other data. The distributed ledger 42 may include a series of blocks of data that reference at least another block, such as a previous block. In this manner, the blocks of data may be chained together. An example of a distributed ledger is described in the well-known white paper “Bitcoin: A Peer-to-Peer Electronic Cash System,” by Satoshi Nakamoto (bitcoin.org), the contents of which are incorporated by reference in its entirety herein. The distributed ledger 42 may store blocks that indicate a state of an edge node 10 relating to its configuration or other management information.

The smart contracts 44 may include rules that configure nodes to behave in certain ways in relation to decentralized management of edge nodes. For example, the rules may specify deterministic state transitions, which nodes may enroll to participate in decentralized management, rules for implementing a change request issued by the management node 12, and/or other actions that an edge node 10 or management node 12 may take for decentralized management.

The node keys 46 may store public encryption keys of edge nodes 10 in association with their identifiers (such as Internet Protocol or other addresses and/or identifying information). In this manner, in some implementations, change requests may be targeted to specific edge nodes 10 and encrypted using the target edge node's public key.

The global policy 48 may store a security or other policy for the system. The global policy 48 may include, for example, network configuration settings, security configuration settings, operating system settings, application settings, policy rules, and/or other policy information for devices managed by the management node 12.

Examples of further details of an edge node 10 will now be described with reference to FIG. 3. An edge node 10 may be a fixed or mobile device. While only one of the edge nodes 10 is illustrated in detail in the figures, each of the edge nodes 10 may be configured in the manner illustrated. The edges nodes 10 may communicate with one another in a peer-to-peer manner. The edge nodes 10 may each include one or more processors 50 (also interchangeably referred to herein as processors 50, processor(s) 50, or processor 50 for convenience), blockchain agent 52, configuration manager 54, and blockchain interface layer 30 Additionally, the edge nodes 10 may further include one or more storage devices 70, and/or other components. In some embodiments, storage devices 70 may store distributed ledger 42, smart contract(s) 44, public key 72, private key 74, and local policy 78 (described in greater detail below).

The processor 50 may be programmed by one or more computer program instructions. For example, the processor 50 may be programmed to execute a blockchain agent 52, a configuration manager 54, a blockchain interface layer 30, and/or other instructions to perform various operations, each of which are described in greater detail herein. As used herein, for convenience, the various instructions will be described as performing an operation, when, in fact, the various instructions program the processors 50 (and therefore edge node 10) to perform the operation.

The blockchain agent 52 may use the blockchain interface layer 30 to communicate with other edge nodes 10 and/or management node 12. The blockchain interface layer 30, described with reference to FIG. 4, may operate in the same manner at management node 12 and edge node 10 to communicate with the blockchain network (other than being able to write to the distributed ledger 42). For example, the blockchain agent 52 may obtain an updated copy of the distributed ledger 42 from one or more other edge nodes 10 and/or management node 12. The blockchain agent 52 may also obtain management operations from the distributed ledger 42 written by the management node 12. In this manner, the management node 12 may communicate management operations to be performed at an edge node 10 through the distributed ledger 42.

The configuration manager 54 may obtain one or more management operations from the blockchain agent 52. The configuration manager 54 may apply the one or more management operations to the edge node 10. In some instances, the configuration manager 54 may apply the management operations without a determination of whether to do so. In other instances, the configuration manager 54 may consult one or more local policies to ensure that the edge node 10 can comply with the one or more management operations. The local policies may be encoded by the smart contracts 44. Alternatively or additionally, some local policies may be stored in a local policy 78, which is not necessarily shared with other edge nodes 10. In other words local policy 78 may be defined specifically at an edge node at which it is stored.

Once the configuration manager 54 has acted on the one or more management operations (whether by applying them or not), the blockchain agent 52 may broadcast its state to other nodes of the blockchain network 110. For example, the blockchain agent 52 may generate and transmit a blockchain transaction that indicates the state of the edge node 10 (such as whether, how, and/or when the one or more management operations have been applied). The blockchain transaction may include information identifying the management operation was (or was not) performed. For example, the information identifying the management operation may be a block identifier (such as a block hash) that identifies the block from which the management operations was obtained. In this manner, the blockchain transaction indicating a node's state may record the management operation that was (or was not) applied.

For implementations in which management operations are targeted to an edge node 10 and encrypted using the targeted edge node 10's public key 72, the blockchain agent 52 may decrypt the management operations using the edge node 10's private key 74. In some implementations, the blockchain agent 52 may digitally sign a blockchain transaction from the management node 12 that includes a management operation. For instance, the management node 12 may generate a transaction directed to the edge node 10 and sign the transaction using the management node 12's public key.

The management node 12 may then write the signed transaction to the distributed ledger 42 to create an immutable record of the management operation and state change of the targeted edge node. In this manner, the transaction may be securely proven to have been executed by the edge node 10. It should be noted that the edge node 10 need not specifically be targeted in order to sign the transaction so as to create a record of the edge node's 10 state in a transaction and therefore block.

Upon receipt of a transaction, the edge node 10 apply the management operation and indicate that it has successfully done so by signing the transaction with the edge node's private key. The management node 12 may write this transaction into the distributed ledger 42, creating a secure, immutable record that proves that the edge node received and applied the management operation. In some implementations, an edge node 10 may be associated with a series of transactions such that each transaction may refer to a previous transaction hash. The transactions may be written to the distributed ledger 42 by the management node 12, creating an immutable and historic record of transactions for a given edge node 10.

In an implementation, the configuration manager 54 may periodically ensure compliance with the current state of the system. For instance, the smart contracts 44 may encode rules that specify what events trigger such checking. The events may include a restart, a new initialization, a passage of a period of time, a number of blocks written to the distributed ledger 42, a security event such as detection of malware, an input from a user specifying that the check should occur, and/or other event that can trigger compliance evaluation. To evaluate compliance, the configuration manager 54 may determine whether any current management operations (as defined by the latest block encoding such operations), including global ones and those specifically targeted to the edge node 10. If so, the configuration manager 54 may determine whether they should have been but were not implemented. If not, the configuration manager 54 may implement the management operations. In this manner, the edge nodes 10 may self-enforce the current management operations (as defined by the current system state).

The storage devices 70 may store an edge node's copy of the distributed ledger 42, the edge node's copy of smart contracts 44, the edge node's public key 72, the edge node's private key 74, local policy 78, and/or other data.

Reference will now be made to FIG. 4, which illustrates an example of the blockchain interface layer 30. Each of the edge nodes 10 and the management node 12 may implement the blockchain interface layer 30, except that the edge nodes 10 may not have permission to write to the distributed ledger 42. The blockchain interface layer 30 may include a messaging interface used to communicate with the blockchain network 110. The messaging interface may be configured as a Secure Hypertext Transmission Protocol (“HTTPS”) microserver 404. Other types of messaging interfaces may be used as well. The blockchain interface layer 30 may use a blockchain API 406 to make calls for blockchain functions based on a blockchain specification. Examples of blockchain functions include, but are not limited to, reading and writing blockchain transactions 408 and reading and writing blockchain blocks to the distributed ledger 42. One example of a blockchain specification is the Ethereum specification. Other blockchain specifications may be used as well.

Consensus engine 410 may include functions that make consensus decisions, such as whether to enroll a node to participate in decentralized management of the edge nodes.

Reference will now be made to FIG. 5, which illustrates an example of a process 500 of decentralized management of device assets outside a computer network 102.

In an operation 502, each of the nodes (including the management node 12 and the edge nodes 10) may enroll into the blockchain network 110. In an implementation, the smart contracts 44 may encode rules for enrolling a node for participation in the blockchain network 110. The rules may specify required credentials and/or other enrollment prerequisites. The required credentials may impose permissions on which nodes are allowed to participate. In these examples, the blockchain network 110 may be configured as a private blockchain where only authorized nodes are permitted to participate in an iteration.

The authorization information and expected credentials may be encoded within the smart contracts 44 or other stored information available to nodes on the blockchain network 110. Once a node has been enrolled, the blockchain network 110 may record an identity of the node and its state so that an identification of all nodes is known. Such recordation may be made via an entry in the distributed ledger 42. As such, the distributed ledger 42 may record a topology of the nodes and a state of the nodes.

In an operation 504, the management node 12 may issue a change request. The change request may be made through the distributed ledger 42 by writing one or more management operations to be performed at the edge nodes 10 as change requests acted on by the edge nodes. For example, the management node 12 may generate a transaction containing the one or more management operations to be performed at the edge nodes 10 and write the transaction as a block into the distributed ledger 42, in which case the edge nodes 10 may obtain the management operations from the distributed ledger 42. In some implementations, the management node 12 may generate and broadcast a blockchain transaction containing the one or more management operations, in which case the edge nodes 10 may obtain the management operations from the broadcasted transactions.

In an operation 506, the edge nodes 10 may obtain and implement the one or more management operations. For example, an edge node 10 may obtain the latest block relating to management operations from its copy of the distributed ledger 42, read one or more transactions referenced in the latest block, and obtain the management operations from the one or more transactions. In other examples, the edge node 10 may obtain the management operations from transactions originating from the management node 12. In these examples, the edge node 10 may obtain the transactions directly from the management node 12 or from a peer edge node 10 (which itself received the transactions from the management node 12 or other peer edge node 10).

In an operation 508, each node may record its state. For example, an edge node 10 may provide to other nodes an indication of whether or not the management operations were performed, and if so, whether successfully performed. The edge node 10 may write its state to a transaction that is shared to other nodes in the blockchain network 110 using the blockchain API 406. The management node 12 may obtain the transactions and mine them into the distributed ledger 42 using the blockchain API 406. Doing so creates an undisputable, tamperproof provenance of the global state of the blockchain network 110.

The foregoing architecture and processes permit the participants of the system to know the full state of the system from their local copy of the distributed ledger 42. This allows the node to take globally valid decisions based on local data, as well as scale to add new nodes or account for restarting nodes that need to synchronize to the current state of the network.

FIG. 6 illustrates an example of a blockchain block 600 (also referred to as “block 600”), according to an implementation of the invention. The particular format and configuration of block 600 may be dependent on the blockchain platform used to implement the blockchain network 110. The management node may write transactions to block 600, which is added to distributed ledger 42. The transactions may be submitted by nodes, including the management node 12 and edge node 10, in order to broadcast status information to the blockchain network 110. The management node 12 may also submit transactions to provide management operations to be performed at an edge node 10.

The block 600 may include a payload comprising a previous block hash 602, proof information 604, identification of transactions 606, block type information 608, and/or other block information 610. The previous block hash 602 may include a value of a hash of a previous block. As such, the block 600 may be linked to another (previous) block in the distributed ledger 42. The proof information 604 may include a proof of stake or proof of work, depending on which type of blockchain is implemented. For proof of stake implementations, the proof information may include evidence that a node that generated the block 600 is a management node. Such information may include node credential information (such as an identifier) and/or other information that indicates a proof of stake of the management node. In proof of work implementations, the proof information may indicate a hash value or other challenge response from the management node 12 that indicates that the management node actually performed work required to write the block 600. The transaction data—and the block 600—may be used to coordinate decentralized machine learning across edge nodes 10. The transaction data may include an identification of transactions 606 associated with the block 600. This is because each edge node 10 may have a copy of the distributed ledger 42 and is able to monitor the state of the system.

FIG. 7 illustrates an example of a management blockchain transaction 700 (also referred to as “transaction 700”), according to an implementation of the invention. Transaction 700 may include node identification information 702, management operations information 704, node state information 706, image location information 708, and/or other transaction information 710.

The node identification information 702 may include an identification of a node that provided the transaction 700. The management operations information 704 may identify one or more management operations to be performed. For instance, a management node 12 may have written the management operations to be performed not only to issue a change request to edge nodes 10 but also document the current state of the system. The node state information 706 may include information that indicates a state of a node that generated the transaction. The image location information may include a location of where or otherwise how to obtain image or other data to complete the management operations. For example, if a management operation includes a change request to update to a new version of software, the location of such software may be encoded in the image location information 708. In some instances, to the extent that the update is below a threshold size, the image location information may include the update itself. Other transaction information 710, such as a timestamp of when the transaction was created, may be stored as well.

Although illustrated in FIG. 1 as a single component, an edge node 10 or management node 12 may include a plurality of individual components (such as computer devices) each programmed with at least some of the functions described herein. The one or more processors 20 or 50 may each include one or more physical processors that are programmed by computer program instructions. The various instructions described herein are provided for illustrative purposes. Other configurations and numbers of instructions may be used, so long as the processor(s) 20 or 50 are programmed to perform the functions described herein.

Furthermore, it should be appreciated that although the various instructions are illustrated in FIG. 1 as being co-located within a single processing unit, in implementations in which processor(s) 20 or 50 includes multiple processing units, one or more instructions may be executed remotely from the other instructions.

The description of the functionality provided by the different instructions described herein is for illustrative purposes, and is not intended to be limiting, as any of instructions may provide more or less functionality than is described. For example, one or more of the instructions may be eliminated, and some or all of its functionality may be provided by other ones of the instructions. As another example, processor(s) 20 or 50 may be programmed by one or more additional instructions that may perform some or all of the functionality attributed herein to one of the instructions.

The various instructions described herein may be stored in a storage device 40 or 70, which may comprise random access memory (RAM), read only memory (ROM), and/or other memory. The storage device may store the computer program instructions (such as the aforementioned instructions) to be executed by processor 20 or 50 as well as data that may be manipulated by processor 20 or 50. The storage device may comprise one or more non-transitory machine-readable storage media such as floppy disks, hard disks, optical disks, tapes, or other physical storage media for storing computer-executable instructions and/or data.

The distributed ledger 42, transaction queue, smart contracts 44, management operations to be performed, and/or other information described herein may be stored in various storage devices such as storage device 40 or 70. Other storage may be used as well, depending on the particular storage and retrieval requirements. For example, the various information described herein may be stored using one or more databases. The databases may be, include, or interface to, for example, an Oracle™ relational database sold commercially by Oracle Corporation. Other databases, such as Informix™, DB2 (Database 2) or other data storage, including file-based, or query formats, platforms, or resources such as OLAP (On Line Analytical Processing), SQL (Structured Query Language), a SAN (storage area network), Microsoft Access™ or others may also be used, incorporated, or accessed. The database may comprise one or more such databases that reside in one or more physical devices and in one or more physical locations. The database may store a plurality of types of data and/or files and associated data or file descriptions, administrative information, or any other data.

The edge nodes 10 and management node 12 illustrated in FIG. 1 may be coupled to other nodes via a network, which may include any one or more of, for instance, the Internet, an intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a SAN (Storage Area Network), a MAN (Metropolitan Area Network), a wireless network, a cellular communications network, a Public Switched Telephone Network, and/or other network. In FIG. 1, as well as in other drawing figures, different numbers of entities than those depicted may be used. Furthermore, according to various implementations, the components described herein may be implemented in hardware and/or software that configure hardware.

The various processing operations and/or data flows depicted in FIG. 5 (and in the other drawing figures) are described in greater detail herein. The described operations may be accomplished using some or all of the system components described in detail above and, in some implementations, various operations may be performed in different sequences and various operations may be omitted. Additional operations may be performed along with some or all of the operations shown in the depicted flow diagrams. One or more operations may be performed simultaneously. Accordingly, the operations as illustrated (and described in greater detail below) are exemplary by nature and, as such, should not be viewed as limiting.

Other implementations, uses and advantages of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. The specification should be considered exemplary only, and the scope of the invention is accordingly intended to be limited only by the following claims.

While various embodiments of the disclosed technology have been described above, it should be understood that they have been presented by way of example only, and not of limitation. Likewise, the various diagrams may depict an example architectural or other configuration for the disclosed technology, which is done to aid in understanding the features and functionality that can be included in the disclosed technology. The disclosed technology is not restricted to the illustrated example architectures or configurations, but the desired features can be implemented using a variety of alternative architectures and configurations. Indeed, it will be apparent to one of skill in the art how alternative functional, logical or physical partitioning and configurations can be implemented to implement the desired features of the technology disclosed herein. Also, a multitude of different constituent module names other than those depicted herein can be applied to the various partitions. Additionally, with regard to flow diagrams, operational descriptions and method claims, the order in which the steps are presented herein shall not mandate that various embodiments be implemented to perform the recited functionality in the same order unless the context dictates otherwise.

Although the disclosed technology is described above in terms of various exemplary embodiments and implementations, it should be understood that the various features, aspects and functionality described in one or more of the individual embodiments are not limited in their applicability to the particular embodiment with which they are described, but instead can be applied, alone or in various combinations, to one or more of the other embodiments of the disclosed technology, whether or not such embodiments are described and whether or not such features are presented as being a part of a described embodiment. Thus, the breadth and scope of the technology disclosed herein should not be limited by any of the above-described exemplary embodiments.

Terms and phrases used in this document, and variations thereof, unless otherwise expressly stated, should be construed as open ended as opposed to limiting. As examples of the foregoing: the term “including” should be read as meaning “including, without limitation” or the like; the term “example” is used to provide exemplary instances of the item in discussion, not an exhaustive or limiting list thereof; the terms “a” or “an” should be read as meaning “at least one,” “one or more” or the like; and adjectives such as “conventional,” “traditional,” “normal,” “standard,” “known” and terms of similar meaning should not be construed as limiting the item described to a given time period or to an item available as of a given time, but instead should be read to encompass conventional, traditional, normal, or standard technologies that may be available or known now or at any time in the future. Likewise, where this document refers to technologies that would be apparent or known to one of ordinary skill in the art, such technologies encompass those apparent or known to the skilled artisan now or at any time in the future.

The presence of broadening words and phrases such as “one or more,” “at least,” “but not limited to” or other like phrases in some instances shall not be read to mean that the narrower case is intended or required in instances where such broadening phrases may be absent. The use of the term “module” does not imply that the components or functionality described or claimed as part of the module are all configured in a common package. Indeed, any or all of the various components of a module, whether control logic or other components, can be combined in a single package or separately maintained and can further be distributed in multiple groupings or packages or across multiple locations.

Additionally, the various embodiments set forth herein are described in terms of exemplary block diagrams, flow charts and other illustrations. As will become apparent to one of ordinary skill in the art after reading this document, the illustrated embodiments and their various alternatives can be implemented without confinement to the illustrated examples. For example, block diagrams and their accompanying description should not be construed as mandating a particular architecture or configuration. 

What is claimed is:
 1. A system, comprising: one or more edge nodes, outside a private network, each permitted to read but not write to a distributed ledger of a blockchain network; a management node, within the private network and communicably coupled to the one or more edge nodes, permitted to both read and write to the distributed ledger, the management node programmed to: obtain a change request to be transmitted to at least a first edge node among the one or more edge nodes, the change request specifying one or more management operations; generate a first ledger block that includes a payload comprising the change request; add the first ledger block to the distributed ledger, a copy of which is stored at each of the one or more edge nodes; obtain, from each of the one or more edge nodes, a blockchain transaction that indicates a respective state of each of the one or more edge nodes after each of the one or more edge nodes has responded to the change request; and generate a second ledger block that includes a second payload comprising the respective state of each of the one or more edge nodes obtained from the blockchain transaction; and add the second ledger block to the distributed ledger.
 2. The system of claim 1, further comprising: the first edge node, the first edge node programmed to: obtain the first ledger block from a first copy of the blockchain ledger stored at the first edge node; read the change request from the first ledger block; obtain a first policy for the first edge node; determine that the first policy permits implementation of the change request; implement the change request; generate a first blockchain transaction that indicates the change request has been implemented at the first edge node; and broadcast the first blockchain transaction to the blockchain network.
 3. The system of claim 2, wherein to obtain, from each of the one or more edge nodes, a blockchain transaction, the management node is programmed to: obtain the blockchain transaction through a firewall that protects the private network.
 4. The system of claim 2, the system further comprising: at least a second edge node from among the one or more edge nodes, the second edge node programmed to: determine that an event at the second edge node has occurred; trigger a synchronization with a current state of the blockchain network; obtain a current copy of the distributed ledger from at least one of the one or more edge nodes or from the management node; obtain the current state of the blockchain network based on the current copy of the distributed ledger; and configure the second edge node based on the current state of the blockchain network.
 5. The system of claim 2, wherein the management mode and the first edge node are each programmed to: enroll with the blockchain network to participate in decentralized management of the one or more edge nodes.
 6. The system of claim 1, wherein the management node is further programmed to: obtain a current state of the blockchain network based on the distributed ledger; obtain a global policy that specifies a desired state; and determine that the current state does not comply with the desired state.
 7. The system of claim 6, wherein the management node is further programmed to: determine that at least a first edge node from among the one or more edge nodes is in non-compliance with the desired state.
 8. The system of claim 7, wherein management node is further programmed to: generate a second change request that targets the first edge node to bring the first edge node into compliance with the global policy.
 9. A method, comprising: obtaining, by a management node of a blockchain network that includes one or more edge nodes, one or more management operations to be performed by the one or more edge nodes; generating, by the management node, a first ledger block that includes a payload specifying the one or more management operations; adding, by the management node, the first ledger block to the distributed ledger, a copy of which is stored at each of the one or more edge nodes; obtaining, by the management node from each of the one or more edge nodes, a blockchain transaction that indicates a respective state of each of the one or more edge nodes after each of the one or more edge nodes has implemented the one or more management operations; and generating, by the management node, a second ledger block that includes a second payload comprising the respective state of each of the one or more edge nodes obtained from the blockchain transaction; and adding, by the management node, the second ledger block to the distributed ledger.
 10. The method of claim 9, further comprising: obtaining, by at least a first edge node from among the one or more edge nodes, the first ledger block from a first copy of the blockchain ledger stored at the first edge node; reading, by the first edge node, the one or more management operations from the first ledger block; obtaining, by the first edge node, a first policy for the first edge node; determining, by the first edge node, that the first policy permits implementation of the one or more management operations; implementing by the first edge node, the one or more management operations; generating, by the first edge node, a second blockchain transaction that indicates the one or more management operations has been implemented at the first edge node; and broadcasting, by the first edge node, the second blockchain transaction to the blockchain network.
 11. The method of claim 10, wherein to obtaining, from each of the one or more edge nodes, a blockchain transaction, comprises: obtaining, by the management node, the blockchain transaction through a firewall that protects the private network.
 12. The method of claim 10, further comprising: determining, by at least a second edge node from among the one or more edge nodes, that an event at the second edge node has occurred; triggering, by the second edge node, a synchronization with a current state of the blockchain network; obtaining, by the second edge node, a current copy of the distributed ledger from at least one of the one or more edge nodes or from the management node; obtaining, by the second edge node, the current state of the blockchain network based on the current copy of the distributed ledger; and configuring, by the second edge node, the second edge node based on the current state of the blockchain network.
 13. The method of claim 10, further comprising: enrolling, by the management node, with the blockchain network to participate in decentralized management of the one or more edge nodes. enrolling, by the first edge node, with the blockchain network to participate in the decentralized management of the one or more edge nodes.
 14. A non-transitory machine-readable storage medium comprising instructions executable by a processor of at least a management node of a blockchain network comprising the management node and one or more edge nodes, the instructions programming the processor to: obtain a change request to be transmitted to at least a first edge node among the one or more edge nodes, the change request specifying one or more management operations; transmit the change request to the blockchain network; obtain, from each of the one or more edge nodes, respective blockchain transactions that indicates a respective state of each of the one or more edge nodes after each of the one or more edge nodes has responded to the change request; and generate a ledger block that includes a payload specifying the respective state of each of the one or more edge nodes obtained from each of the respective blockchain transactions; and add the ledger block to the distributed ledger.
 15. The non-transitory machine-readable storage medium of claim 15, the instructions executable by a second processor of at least a first edge node, the instructions programming the second processor to: obtain the change request; obtain a first policy for the first edge node; determine that the first policy permits implementation of the change request; implement the change request; generate a first blockchain transaction that indicates the change request has been implemented at the first edge node; and broadcast the first blockchain transaction to the blockchain network. 